redpanda_migrator_offsets
Redpanda Migrator consumer group offsets input using the Franz Kafka client library.
Introduced in version 4.45.0.
# Common config fields, showing default valuesinput: label: "" redpanda_migrator_offsets: seed_brokers: [] # No default (required) topics: [] # No default (required) regexp_topics: false auto_replay_nacks: true# Advanced config fields, showing default valuesinput: label: "" redpanda_migrator_offsets: seed_brokers: [] # No default (required) client_id: benthos tls: enabled: false skip_cert_verify: false enable_renegotiation: false root_cas: "" root_cas_file: "" client_certs: [] sasl: [] # No default (optional) metadata_max_age: 5m request_timeout_overhead: 10s conn_idle_timeout: 20s topics: [] # No default (required) regexp_topics: false rack_id: "" poll_interval: 15s auto_replay_nacks: trueThis input reads consumer group updates via the OffsetFetch API and should be used in combination with the redpanda_migrator_offsets output.
Metadata
This input adds the following metadata fields to each message:
- kafka_offset_topic- kafka_offset_group- kafka_offset_partition- kafka_offset_commit_timestamp- kafka_offset_metadata- kafka_is_high_watermarkFields
seed_brokers
A list of broker addresses to connect to in order to establish connections. If an item of the list contains commas it will be expanded into multiple addresses.
Type: array
# Examples
seed_brokers: - localhost:9092
seed_brokers: - foo:9092 - bar:9092
seed_brokers: - foo:9092,bar:9092client_id
An identifier for the client connection.
Type: string
Default: "benthos"
tls
Custom TLS settings can be used to override system defaults.
Type: object
tls.enabled
Whether custom TLS settings are enabled.
Type: bool
Default: false
tls.skip_cert_verify
Whether to skip server side certificate verification.
Type: bool
Default: false
tls.enable_renegotiation
Whether to allow the remote server to repeatedly request renegotiation. Enable this option if you’re seeing the error message local error: tls: no renegotiation.
Type: bool
Default: false
Requires version 3.45.0 or newer
tls.root_cas
An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate.
Type: string
Default: ""
# Examples
root_cas: |- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----tls.root_cas_file
An optional path of a root certificate authority file to use. This is a file, often with a .pem extension, containing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate.
Type: string
Default: ""
# Examples
root_cas_file: ./root_cas.pemtls.client_certs
A list of client certificates to use. For each certificate either the fields cert and key, or cert_file and key_file should be specified, but not both.
Type: array
Default: []
# Examples
client_certs: - cert: foo key: bar
client_certs: - cert_file: ./example.pem key_file: ./example.keytls.client_certs[].cert
A plain text certificate to use.
Type: string
Default: ""
tls.client_certs[].key
A plain text certificate key to use.
Type: string
Default: ""
tls.client_certs[].cert_file
The path of a certificate to use.
Type: string
Default: ""
tls.client_certs[].key_file
The path of a certificate key to use.
Type: string
Default: ""
tls.client_certs[].password
A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete pbeWithMD5AndDES-CBC algorithm is not supported for the PKCS#8 format.
Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.
Type: string
Default: ""
# Examples
password: foo
password: ${KEY_PASSWORD}sasl
Specify one or more methods of SASL authentication. SASL is tried in order; if the broker supports the first mechanism, all connections will use that mechanism. If the first mechanism fails, the client will pick the first supported mechanism. If the broker does not support any client mechanisms, connections will fail.
Type: array
# Examples
sasl: - mechanism: SCRAM-SHA-512 password: bar username: foosasl[].mechanism
The SASL mechanism to use.
Type: string
| Option | Summary |
|---|---|
AWS_MSK_IAM | AWS IAM based authentication as specified by the ‘aws-msk-iam-auth’ java library. |
OAUTHBEARER | OAuth Bearer based authentication. |
PLAIN | Plain text authentication. |
SCRAM-SHA-256 | SCRAM based authentication as specified in RFC5802. |
SCRAM-SHA-512 | SCRAM based authentication as specified in RFC5802. |
none | Disable sasl authentication |
sasl[].username
A username to provide for PLAIN or SCRAM-* authentication.
Type: string
Default: ""
sasl[].password
A password to provide for PLAIN or SCRAM-* authentication.
Type: string
Default: ""
sasl[].token
The token to use for a single session’s OAUTHBEARER authentication.
Type: string
Default: ""
sasl[].extensions
Key/value pairs to add to OAUTHBEARER authentication requests.
Type: object
sasl[].aws
Contains AWS specific fields for when the mechanism is set to AWS_MSK_IAM.
Type: object
sasl[].aws.region
The AWS region to target.
Type: string
sasl[].aws.endpoint
Allows you to specify a custom endpoint for the AWS API.
Type: string
sasl[].aws.credentials
Optional manual configuration of AWS credentials to use. More information can be found in xref:guides:cloud/aws.adoc[].
Type: object
sasl[].aws.credentials.profile
A profile from ~/.aws/credentials to use.
Type: string
sasl[].aws.credentials.id
The ID of credentials to use.
Type: string
sasl[].aws.credentials.secret
The secret for the credentials being used.
Type: string
sasl[].aws.credentials.token
The token for the credentials being used, required when using short term credentials.
Type: string
sasl[].aws.credentials.from_ec2_role
Use the credentials of a host EC2 machine configured to assume an IAM role associated with the instance.
Type: bool
Requires version 4.2.0 or newer
sasl[].aws.credentials.role
A role ARN to assume.
Type: string
sasl[].aws.credentials.role_external_id
An external ID to provide when assuming a role.
Type: string
metadata_max_age
The maximum age of metadata before it is refreshed.
Type: string
Default: "5m"
request_timeout_overhead
The request time overhead. Uses the given time as overhead while deadlining requests. Roughly equivalent to request.timeout.ms, but grants additional time to requests that have timeout fields.
Type: string
Default: "10s"
conn_idle_timeout
The rough amount of time to allow connections to idle before they are closed.
Type: string
Default: "20s"
topics
A list of topics to consume from. Multiple comma separated topics can be listed in a single element. When a consumer_group is specified partitions are automatically distributed across consumers of a topic, otherwise all partitions are consumed.
Type: array
# Examples
topics: - foo - bar
topics: - things.*
topics: - foo,barregexp_topics
Whether listed topics should be interpreted as regular expression patterns for matching multiple topics.
Type: bool
Default: false
rack_id
A rack specifies where the client is physically located and changes fetch requests to consume from the closest replica as opposed to the leader replica.
Type: string
Default: ""
poll_interval
Duration between OffsetFetch polling attempts.
Type: string
Default: "15s"
auto_replay_nacks
Whether messages that are rejected (nacked) at the output level should be automatically replayed indefinitely, eventually resulting in back pressure if the cause of the rejections is persistent. If set to false these messages will instead be deleted. Disabling auto replays can greatly improve memory efficiency of high throughput streams as the original shape of the data can be discarded immediately upon consumption and mutation.
Type: bool
Default: true